Closely monitoring the post-take down activities of the Waledac botnet, security researchers took a peek inside the botnet's cache of stolen accounting data, and found half a million stolen email passwords, next to hundreds of thousands of stolen FTP passwords.

"More specifically, they have 123,920 login credentials to FTP servers at their disposal. This number is significant, considering the Waledac controllers use an automated program to login to these servers and patch (or upload) specific files to redirect users to sites that serve malware or promote cheap pharmaceuticals.

We also discovered 489,528 credentials for POP3 email accounts. These credentials are known to be used for “high-quality” spam campaigns."